Maybe a dumb question: does this user have to enter name and password
for given web service?
I would think of using validation lists to do that job.
Just a thought.
On 10-6-2014 19:06, James H. H. Lampert wrote:
I need to validate that a web service, running under IWS, is being
called by a legitimate user with a correct password. (Needless to say,
it's being called through HTTPS.)
The only way I know of to do a programmatic password check is with a
QSYGETPH. Even though I never actually *use* the profile handle returned.
The docs for QSYGETPH say that it will run out of space if you call it
more than 20k times within a single job. And with a web service, there's
every reason to expect that limit to be exceeded.
Is there some other way of programmatically checking password validity,
one I'm not aware of, one that just gives me a yes/no answer, without
generating profile handles I'm not actually using?